OpenSSL flaw allows slowing down websites and applications with client authentication

For your online application or server to be secure, SSL/TLS certificates are necessary. While many trustworthy certificate authorities charge a fee for SSL/TLS certificates, it is also feasible to create your own certificate using OpenSSL. Self-signed certificates may nonetheless encrypt your online traffic even if they don’t have the approval of a reputable organization. The OpenSSL team published an advisory describing the high severity CVE-2023-2650 issue. However, given that OpenSSL is one of the most widely used encryption libraries and powers a significant amount of the internet’s TLS-protected traffic, this might still be a concern.

Although not the most serious, this moderate vulnerability might possibly cause OpenSSL to operate less quickly by delaying the processing of certain cryptographic components.

In the context of OpenSSL, object IDs for ASN.1 (Abstract Syntax Notation One) are used to identify and specify cryptographic algorithms. This causes certain specifically constructed ASN.1 object IDs or data containing them to be processed extremely slowly.

Applications that directly utilize OBJ_obj2txt() or use any of the OpenSSL subsystems without a message size limit—OCSP, PKCS7/SMIME, CMS, CMP/CRMF, or TS—may have noticeable to very lengthy delays while processing such messages, which might result in a Denial of Service.

Sub-identifiers, the majority of which have no size restrictions, make up an object identifier. Using the OpenSSL type ASN1_OBJECT, one may convert an ASN.1 OBJECT IDENTIFIER provided in DER encoding form to its canonical numeric text form, which consists of the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods.

The conversion to a decimal number in text may take a very lengthy time when one of the sub-identifiers in the OBJECT IDENTIFIER is extremely big (these are sizes that are perceived as outrageously enormous, taking up tens or hundreds of KiBs). The size of the sub-identifiers in bytes (*), where ‘n’ is the number, determines the temporal complexity as O(n2).

The ability to get cryptographic methods using names or IDs in string form was added with OpenSSL 3.0. This includes utilizing OBJECT IDs as IDs for fetching algorithms in canonical numeric text form.

The ASN.1 structure AlgorithmIdentifier, which is often used in several protocols to define which cryptographic method should be used to sign or verify, encrypt or decrypt, or digest supplied data, may be used to accept such OBJECT IDENTIFIERs.

With any version of OpenSSL, applications that directly use OBJ_obj2txt() with untrusted data are vulnerable. The severity is deemed minimal if the usage is only for exhibition purposes.

This affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF, or TS in OpenSSL 3.0 and newer. It affects anything that uses X.509 certificates, including simple operations like confirming its signature.

Due to the 100KiB restriction on the peer’s certificate chain in all OpenSSL versions, the effect on TLS is very minimal. Furthermore, only clients or servers that have expressly enabled client authentication are affected.

This only impacts the presentation of certain objects, such as X.509 certificates, with OpenSSL 1.1.1 and 1.0.2. These versions are thought to be unaffected by the problem to the extent that it would be of concern, and the severity is thus regarded as low. It is expected that this won’t occur in a fashion that would result in a Denial of Service.

It’s critical to keep our systems updated as long as we continue to depend on OpenSSL’s cryptographic services in order to prevent DoS attacks like CVE-2023-2650 and to ensure the maximum degree of security and effectiveness.